136
Cisco Nexus 5500 Series NX-OS Security Command Reference
OL-27883-02
Chapter I Commands
ip verify unicast source reachable-via
ip verify unicast source reachable-via
To configure Unicast Reverse Path Forwarding (Unicast RPF) on an interface, use the ip verify unicast
source reachable-via command. To remove Unicast RPF from an interface, use the no form of this
command.
ip verify unicast source reachable-via {any [allow-default] | rx}
no ip verify unicast source reachable-via {any [allow-default] | rx}
Syntax Description
Command Default None
Command Modes Interface configuration mode
Command History
Usage Guidelines You can configure one of the following Unicast RPF modes on an ingress interface:
• Strict Unicast RPF mode—A strict mode check is successful when the following matches occur:
–
Unicast RPF finds a match in the Forwarding Information Base (FIB) for the packet source
address.
–
The ingress interface through which the packet is received matches one of the Unicast RPF
interfaces in the FIB match.
If these checks fail, the packet is discarded. You can use this type of Unicast RPF check where
packet flows are expected to be symmetrical.
• Loose Unicast RPF mode—A loose mode check is successful when a lookup of a packet source
address in the FIB returns a match and the FIB result indicates that the source is reachable through
at least one real interface. The ingress interface through which the packet is received is not required
to match any of the interfaces in the FIB result.
This command does not require a license.
Examples This example shows how to configure loose Unicast RPF checking on an interface:
switch# configure terminal
switch(config)# interface ethernet 2/3
switch(config-if)# ip verify unicast source reachable-via any
any Specifies loose checking.
allow-default (Optional) Specifies the MAC address to be used on the specified interface.
rx Specifies strict checking.
Release Modification
5.2(1)N1(1) This command was introduced.
To Next Page
Loading...
